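<?php
	declare(strict_types=1);

	// 2FA verification endpoint for the Security Settings page.
	//
	// Expects exactly three POST fields: 'sha1un' (40-char value used to look up
	// the pending OTP row), 'otpcode' (the code the user received) and 'un'
	// (the username whose settings are shown once the code checks out).
	// Any shape mismatch exits silently — a malformed request is more likely a
	// probe than a real browser, and we do not want to leak anything to it.
	//
	// NOTE(review): the code check is keyed on 'sha1un' while the settings page
	// is keyed on 'un', and nothing here ties the two together (no session, no
	// recomputation of one from the other). The schema of the 2fa table is not
	// visible in this file, so the binding is left as a TODO for whoever owns it:
	// either look the settings up by sha1un as well, or verify 'un' against the
	// authenticated session before trusting it.
	if (sizeof($_POST) != 3
		|| !array_key_exists('sha1un', $_POST)
		|| !array_key_exists('otpcode', $_POST)
		|| !array_key_exists('un', $_POST)
		|| !is_string($_POST['sha1un'])
		|| !is_string($_POST['otpcode'])
		|| !is_string($_POST['un'])
		|| strlen(trim($_POST['sha1un'])) !== 40)
	{
		// just silently exit cuz this could be a spoof http request
		exit();
	}

	// Connect to the database.
	// NOTE(review): credentials are hard-coded and the account is 'root'; move
	// them to a config file outside the web root and use a least-privilege DB
	// user that can only read 2fa/users. Left in place here because the config
	// mechanism for this project is not visible from this file.
	$mysqli = new mysqli('localhost', 'root', 'project3', 'server2');
	if ($mysqli->connect_errno)
	{
		echo "Database connection error!";
		exit();
	}

	// The length check above ran on the trimmed value, so use the trimmed value
	// for the lookup too — otherwise a padded value passes validation and then
	// fails (or, worse, matches something else) in the query.
	$sha1un = trim($_POST['sha1un']);
	$otpcode = $_POST['otpcode'];
	$un = $_POST['un'];

	// Validate the code. Both values come straight from the request, so they
	// are bound as parameters rather than interpolated into the SQL text.
	// Equality is used instead of LIKE: with LIKE, a submitted code of '%'
	// (or '_' repeated) matches any row for this sha1un and bypasses the check.
	$stmt = $mysqli->prepare("select count(*) as total from 2fa where sha1un = ? and code = ?");
	if ($stmt === false)
	{
		echo "Database connection error!";
		$mysqli->close();
		exit();
	}
	$stmt->bind_param('ss', $sha1un, $otpcode);
	$stmt->execute();
	$res = $stmt->get_result();
	$ob = $res->fetch_object();
	$res->close();
	$stmt->close();
	if ($ob === null || (int)$ob->total !== 1)
	{
		echo '<p style="color:red">Invalid code!</p>';
		$mysqli->close();
		exit();
	}

	// Load the user's current settings before building the page, so a missing
	// user row is handled instead of dereferencing null further down.
	$stmt = $mysqli->prepare("select is2fa, otppref, isia from users where un = ?");
	if ($stmt === false)
	{
		echo "Database connection error!";
		$mysqli->close();
		exit();
	}
	$stmt->bind_param('s', $un);
	$stmt->execute();
	$res = $stmt->get_result();
	$user = $res->fetch_object();
	$res->close();
	$stmt->close();
	$mysqli->close();
	if ($user === null)
	{
		echo '<p style="color:red">Invalid code!</p>';
		exit();
	}

	// $un is echoed into a JavaScript string literal inside <script>. Encode it
	// as a JSON string with the HTML-significant characters hex-escaped so that
	// neither a quote nor a '</script>' sequence in the username can break out
	// of the literal. The result is a complete, quoted JS string.
	$unJs = json_encode($un, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP);
	if ($unJs === false)
	{
		// Non-UTF-8 username: refuse to render rather than emit a broken page.
		echo '<p style="color:red">Invalid code!</p>';
		exit();
	}

	// Render the security settings page.
	$s = <<<EOT
					<!doctype html>
					<html>
						<head>
							<title>Server2 - Security Settings</title>
							<meta charset="utf-8">
					
							<script>
							function savesettings()
							{   
								var is2fa = (document.getElementById('2fa').checked ? true : false);
								var otptype = (document.getElementById('otppref-e').checked ? 'e' : 'p' );
								var isia = (document.getElementById('ia').checked ? true : false);
								xmlhttp = new XMLHttpRequest();
								xmlhttp.open("POST","savesettings.php");
								xmlhttp.onreadystatechange = function()
								{   
									if (xmlhttp.readyState == 4 && xmlhttp.status == 200)
									{   
										if (xmlhttp.responseText == "0")
										{
											alert("Your settings have been saved");
											return;
										}
										if (xmlhttp.responseText == "4")
										{
											alert("Nothing changed!");
											return;
										}
										alert('Your setting have NOT been changed because: ' + xmlhttp.responseText);
									}   
								}   
								var fd = new FormData();
								fd.append('un', 
EOT;

								$s .= " $unJs);";
								$s .= <<<EOT
								fd.append('is2fa', is2fa);
								fd.append('otptype', otptype);
								fd.append('isia', isia);
								xmlhttp.send(fd);
							}
							function restoreIA()
							{
								xhr = new XMLHttpRequest();
								xhr.open("POST", "restoreIA.php");
								xhr.onreadystatechange = function()
								{
									if (xhr.readyState == 4 && xhr.status == 200)
									{
										if (xhr.responseText == "0")
										{
											alert("Please check your email/phone for a message regarding restoring your account.");
											return;
										}
										alert("Error: " + xhr.responseText);
									}
								}
							

								var fd = new FormData();
								fd.append('un', 
EOT;

								$s .= " $unJs);";
								$s .= <<<EOT
								xhr.send(fd);
							}   
							</script>

						</head>
				
						<body>
							<h1>Security Settings</h1>
							<table>
								<tr>
									<td width="150">Use 2FA</td>
									<td><input type="checkbox" name="cbs[]" id="2fa" value="2fa" 
EOT;

				// Pre-check the 2FA box from the stored flag ('y' means enabled).
				if ($user->is2fa == 'y')
				{
					$s .= "checked=\"yes\"";
				}

				$s .= <<<EOT
									/></td>
								</tr>
								<tr>
									<td>OTP method</td>
EOT;
				// 'e' = email; anything else is rendered as SMS.
				if ($user->otppref == "e")
				{
					$s .= '<td><input type="radio" name="otppref" id="otppref-e" value="e" checked/>Email &nbsp;&nbsp;&nbsp;<input type="radio" name="otppref" id="otppref-p" value="p" />SMS</td>';
				}
				else
				{
					$s .= '<td><input type="radio" name="otppref" id="otppref-e" value="e" />Email &nbsp;&nbsp;&nbsp;<input type="radio" name="otppref" id="otppref-p" value="p" checked/>SMS</td>';
				}

				$s .= <<<EOT

								</tr>
								<tr>
									<td width="150">Use Impl. Auth.</td>
									<td><input type="checkbox" name="cbs[]" id="ia" value="ia" 
EOT;
				// Pre-check the implicit-auth box from the stored flag.
				if ($user->isia == 'y')
				{
					$s .= "checked=\"yes\"";
				}

				$s .= <<<EOT
									/></td>
								</tr>
								<tr>
									<td colspan="2" align="center" style="padding: 25px 0px" ><input type="submit" value="Save" onclick="savesettings()"/></td>
								</tr>
								<tr>
									<td colspan="2" align="center" style="padding: 25px 0px" ><input type="submit" value="Restore your IA account" onclick="restoreIA()"/></td>
								</tr>
							</table>
						</body>
					</html>
EOT;
					echo $s;

?>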
